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Listing of Claims: 

Claim 1 . (currently amended) A method for network defense, comprising the steps 

of: 

detecting mission events by processing communications packets and traffic 
streams; 

forming mission tracks by processing said mission events, 
determining active mission types, using said mission events; 
determining state of each mission, using said mission events, including producing 
a mission state vector for each mission; 

estimating mission sensitivities by processing said mission tracks; 
prioritizing network operations by processing said mission sensitivities; and 
correlating network alarms to missions by processing said mission sensitivities, 
wherein said steps include a database of dynamic and a priori information, 
wherein estimating mission sensitivities by processing said missiontracks 
comprises estimating mission sensitivity to network perturbations, using mission 
tracks; 

using a system dynamics model and a set of network perturbations to produce a 
nominal version of the mission state at k+1 and a perturbed version of the mission state at 
k+1 . by injecting the perturbed version with the set of network perturbations at a 
predetermined time : 

propagating out the nominal version of the mission state at k+1 and the perturbed 
version of the mission state at k+1, to a computation horizon; and 

computing the difference between the overall mission effectiveness along the 

nominal version of the mission state and the perturbed version of the mission state. 
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Claim 2-4 (canceled) 

Claim 5. (Original) The method of claim 1, wherein prioritizing network operations by 
processing said mission sensitivities comprises ordering said list of network operations 
by comparing said mission sensitivities. 

Claim 6. (previously amended) The method of claim 1 , wherein said correlating 
network alarms to missions by processing said mission sensitivities comprising creating a 
list of relationships between each network alarm and each mission using said mission 
sensitivity values. 

Claim 7. (previously amended) The method of claim 1, wherein network 
perturbations comprise modifications to network devices, protocols, policies, or 
architecture through network management courses of actions. 

Claim 8. (previously amended) The method of claim 1 , wherein network 
perturbations comprise modifications to network devices, protocols, policies, or 
architecture through attacks on network devices, protocols, policies, or architecture. 

Claim 9-1 2 (canceled) 

Claim 13. (previously amended) The method of claim 1, wherein the active mission 
types are determined through the use of a HMM. 

Claim 14. (previously amended) The method of claim 1 , wherein the state of each 
mission is determined through the use of a HMM. 

Claim 15. (Original) The method of claim 13, wherein mission HMM component 
determination comprises combining performance statistics from earlier missions with an 
Operational Sequence Diagram. 
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Claim 16. (Original) The method of claim 14, wherein mission HMM component 
determination comprises combining performance statistics from earlier missions with an 
Operational Sequence Diagram. 

Claim 1 7. (previously amended) The method of claim 1 , wherein the step of 
determining said active mission types is performed inductively. 

Claim 18. (previously amended) The method of claim 17, wherein the step of 
determining said active mission types inductively, is through the use of a forward 
algorithm. 

Claim 1 9. (canceled) 

Claim 20 (previously amended) The method of claim 1 , wherein said estimating 
mission sensitivity to network perturbations comprises using a closed-form expression to 
compute mission sensitivities. 

Claim 21 . (previously amended) The method of claim 1 , wherein said set of network 
perturbations comprises a set of alternative network operation COAs. 

Claim 22. (previously amended) The method of claim 1 , wherein said set of network 
perturbations comprises a set of attacks on network devices, protocols, policies, and 
architecture. 

Claim 23. (Original) The method of claim 20, wherein said set of network perturbations 
comprises a set of alternative network operation COAs. 

Claim 24. (Original) The method of claim 20, wherein said set of network perturbations 
comprises a set of attacks on network devices, protocols, policies, and architecture. 
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Claim 25 - 32 (canceled) 
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